47 points

Move it off server 2008.

I wish that was not a discussion we had with a customer.

13 points

“The business critical software we’re using is not supported on 2012 or later”

15 points

That excuse works until you mention cyber insurance and suddenly a budget appears to get everything upgraded.

11 points

It gets worse.

Sometimes the software update is free. All it needs is a half dozen VMs spun up (in an environment of 1500+) and an approved change window to migrate the current version to new servers, and then another window to update. But your request for new VMs gets back-burnered for close to a year because there are still production machines on unsupported OSes.

Then a very large breach of the software in question happens while you’re on vacation.

By sheer luck, the outdated version is not affected. But suddenly it’s super important to upgrade to the latest version NOW. So you end up spending the next few days of vacation splitting your time between defending yourself, re-explaining the situation to “tech” VPs and up that are total frauds, and dealing with top level vendor support because migrating software and OS versions at the same time is not recommended. And then spending a nice relaxing overnight with one of their top engineers doing what was supposed to be an involved but routine process over multiple change windows, but is instead 9 hours of “this should work, guess we’ll find out” sphincter-clenching Leroy Jenkins action, in which the top-level engineer was needed more than once to fix something. All this while flying blind on a 2000+ node network because the software you had to emergency update without any guardrails (aside from snapshots) is the network monitoring software. Hell of a thing to back-burner, but I didn’t run the company that got sold for several billion so what do I know?

Oh, and three months later you get denied a merit raise because Covid and “nobody” got a raise.

So fucking glad to be rid of that toxic shithole.

4 points

Or off Windows Server entirely.

9 points

You get the same issues with *nix distros.

2 points

But less of it.

14 points

And what, spend money on something that will save us even more money down the line? You fool, I won’t be working at this company by then!

9 points

During my time working in IT for a power grid provider, it was challenging to find patch windows due to the critical nature of their services.

11 points

That probably means there wasn’t a good testing process for patching and there wasn’t adequate redundancy. In theory, if a patch breaks one server it shouldn’t matter.

In reality, patch testing stacks up and gets behind and redundancies are rarely tested. That is expensive, time consuming work which probably isn’t worth the time of someone who is already underpaid and overworked. And fuck! If patch and redundancy testing ever breaks anything prod for whatever reason, the person who was testing everything gets blamed and fired so nobody is going to volunteer for that.

7 points

Use a static site generator instead of Wordpress.

4 points

I’m a programmer that doesn’t know all that much about cybersecurity beyond the basics.

What do you guys think of AI pentesting? Is it made completely redundant by tools or is it going to be a viable strategy for pentesting?

8 points

As with most things, I expect it’ll help the guys who know what they’re doing do their thing faster and more efficiently.

I don’t expect it to replace, nor be an effective substitute for, a properly trained pen tester.

It might be helpful to developers to fast-track security testing, but I think there’s already a wide array of “non-AI” tools that accomplish that? Don’t know a lot about how it could affect that side of things.


Cybersecurity - Memes

!cybersecuritymemes@lemmy.world

Only the hottest memes in Cybersecurity
